CryptMsgVerifyCountersignatureEncodedEx (Compact 2013)

3/28/2014

This function verifies that the encrypted hash has been countersigned by the CERT_PUBLIC_KEY_INFO structure, a certificate context, or a chain context.

Syntax

BOOL WINAPI CryptMsgVerifyCountersignatureEncodedEx (
    __in_opt HCRYPTPROV_LEGACY hCryptProv,
    __in DWORD dwEncodingType,
    __in PBYTE pbSignerInfo,
    __in DWORD cbSignerInfo,
    __in PBYTE pbSignerInfoCountersignature,
    __in DWORD cbSignerInfoCountersignature,
    __in DWORD dwSignerType,
    __in void *pvSigner,
    __reserved DWORD dwFlags,
    __reserved void *pvReserved
    );

Parameters

  • hCryptProv
    [in, optional] Parameter is not used and must be set to NULL.
  • dwEncodingType
    [in] Specifies the encoding type used. Only X509_ASN_ENCODING and PKCS_7_ASN_ENCODING are used. For either encoding type, use: X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
  • pbSignerInfo
    [in] Pointer to the encoded BLOB that contains the signer of the contents of a message to be countersigned.
  • cbSignerInfo
    [in] Count, in bytes, of the encoded BLOB for the signer of the contents.
  • pbSignerInfoCountersignature
    [in] Pointer to the encoded BLOB that contains the countersigner information.
  • cbSignerInfoCountersignature
    [in] Count, in bytes, of the encoded BLOB for the countersigner of the message.
  • dwSignerType
    [in] The structure that contains the signer information. The following table shows the possible values for dwSignerType and what these values represent.

    Value

    Description

    CMSG_VERIFY_SIGNER_PUBKEY

    pvSigner is a pointer to a CERT_PUBLIC_KEY_INFO structure.

    CMSG_VERIFY_SIGNER_CERT

    pvSigner is a pointer to a CERT_CONTEXT structure.

    CMSG_VERIFY_SIGNER_CHAIN

    pvSigner is a pointer to a CERT_CHAIN_CONTEXT structure.

  • pvSigner
    [in] Pointer to a CERT_PUBLIC_KEY_INFO structure, a certificate context, or a chain context depending on the value of dwSignerType.
  • dwFlags
    Reserved; set to NULL.
  • pvReserved
    Reserved; set to NULL.

Return Value

If the function succeeds, the return value is nonzero (TRUE); otherwise, it is zero (FALSE).

For extended error information, call GetLastError.

The following table shows the error codes most commonly returned by the GetLastError function.

Error code

Description

CRYPT_E_AUTH_ATTR_MISSING

The message does not contain an expected authenticated attribute.

CRYPT_E_HASH_VALUE

The hash value is not correct.

CRYPT_E_UNEXPECTED_ENCODING

The message is not encoded as expected.

CRYPT_E_UNKNOWN_ALGO

The cryptographic algorithm is unknown.

E_INVALIDARG

One or more arguments are not valid.

E_OUTOFMEMORY

Ran out of memory.

Propagated errors from the following functions might be returned.

If the function fails, GetLastError may return an Abstract Syntax Notation One (ASN.1) encoding/decoding error. For information about these errors, see ASN.1 Encoding/Decoding Return Values.

Remarks

Countersigner verification is done using the PKCS #7 SignerInfo structure. The signature must contain the encrypted hash of the encryptedDigest field of pbSignerInfo.

The issuer and serial number of the countersigner must match the countersigner information from pbSignerInfoCountersignature. The only fields referenced from pciCountersigner are SerialNumber, Issuer, and SubjectPublicKeyInfo. The SubjectPublicKeyInfo is used to access the public key that is then used to encrypt the hash from the pciCountersigner to compare it with the hash from the pbSignerInfo.

Requirements

Header

wincrypt.h

Library

crypt32.lib

See Also

Reference

Certificates Functions